Fool me once, fool me twice
It’s not as if machine learning models aren’t incredibly easy to fool?
The transcript of a keynote I gave at the Future of Cyber Security conference held at Prospero House in London in November 2024, during which I talked about machine learning, the internet of things, edge computing, and how the new attack surfaces introduced by the arrival of artificial intelligence changes things.
Everyone loves a zero day, they’re exciting. They’re why a lot of us ended up doing security work in the first place. Realistically though, no matter how good a news story they make when they’re discovered, and how much fun we have with them, we all know that most security breaches aren’t from those. They’re from someone clicking on a link in a phishing email and entering their details into a fake website.
Statistics that suggest that somewhere between 80 to 90 percent of attacks start with a phishing email. Inevitably humans are the biggest vulnerability in any system, the least secure part, and it’s likely that’s not going to change any time soon.
But why we need security might be about to, because of how our model of computing is changing. Traditionally security vulnerabilities mean access, and access means data. We defend our systems to prevent data loss. But the problems with Internet of…
